WO2006085453A1 - Procede et dispositif de traitement d'informations, programme informatique et support de stockage lisible par ordinateur - Google Patents

Procede et dispositif de traitement d'informations, programme informatique et support de stockage lisible par ordinateur Download PDF

Info

Publication number
WO2006085453A1
WO2006085453A1 PCT/JP2006/301603 JP2006301603W WO2006085453A1 WO 2006085453 A1 WO2006085453 A1 WO 2006085453A1 JP 2006301603 W JP2006301603 W JP 2006301603W WO 2006085453 A1 WO2006085453 A1 WO 2006085453A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
partial
information
verification
partial data
Prior art date
Application number
PCT/JP2006/301603
Other languages
English (en)
Inventor
Junichi Hayashi
Original Assignee
Canon Kabushiki Kaisha
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Canon Kabushiki Kaisha filed Critical Canon Kabushiki Kaisha
Priority to US11/720,958 priority Critical patent/US8050447B2/en
Priority to EP06712746.4A priority patent/EP1851950B1/fr
Publication of WO2006085453A1 publication Critical patent/WO2006085453A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T1/00General purpose image data processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T1/00General purpose image data processing
    • G06T1/0021Image watermarking
    • G06T1/0028Adaptive watermarking, e.g. Human Visual System [HVS]-based watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N1/32144Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title embedded in the image data, i.e. enclosed or integrated in the image, e.g. watermark, super-imposed logo or stamp
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/40Picture signal circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3226Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of identification information or the like, e.g. ID code, index, title, part of an image, reduced-size image
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3233Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of authentication information, e.g. digital signature, watermark
    • H04N2201/3236Details of authentication information generation

Definitions

  • the present invention relates to information processing method and device for verifying or authenticating digital data or generating verification data, a computer program for executing the information processing method, and a computer- readable storage medium for storing the computer program.
  • a signature method which aims to verify whether or not partial region data (not whole image data) has been altered is proposed in, for example, United States Patent No . 5, 898 , 779. More specifically, in the signature method proposed in United States Patent No . 5, 898 , 779 for a digital image, as shown in Fig . 17 , an ROI ( region of interest) of the relevant image is first selected (step S131 ) , the hash value (i . e . , the message digest) of the selected ROI is calculated ( step S132 ) , the calculated hash value is encrypted by a private key to generate a digital signature (step S133 ) , and • the generated digital signature is attached to the relevant image (step S134) .
  • an ROI region of interest
  • the hash value i . e . , the message digest
  • the present invention is completed in consideration of such conventional problems as above, and an object thereof is to provide a technique capable of verifying whether or not region data in image data has been altered, and, in addition, capable of verifying that the region data is region data in original image data different from authentic original image data and/or verifying that the region data is different region- data in the authentic original image data .
  • an information processing method which generates verification data for verifying partial completeness of digital data is characterized by comprising : a partial data acquisition step of acquiring partial data included in the digital data;
  • an information processing method which verifies partial completeness of digital data by using verification data generated according to at least one of discrimination information of the digital data and specifying -information of partial data, and the partial data, is characterized by comp'rising : a verification data acquisition step of acquiring verification data; a partial data acquisition step of acquiring the partial data included in the digital data; a discrimination information acquisition step of acquiring at least one of the discrimination information of the digital data and the specifying information of the partial data; a verification data generation step of generating the verification data according to at -least one of the discrimination information of the digital data and the specifying information of the partial data, and the partial data; and a verification step of verifying whether or not relation between the partial data and the digital data is correct, by using the verification data acquired in the verification data acquisition step and the verification data generated in the verification data generation step .
  • FIG. 1 is a diagram showing the whole constitution of a system in the embodiment of the present invention.
  • Fig . 2 is a diagram showing an example of a GUI (graphical user interface) which is applicable in an image reproduction client in the embodiment; •
  • Fig . 3 is a block diagram showing a host computer in the embodiment
  • Fig . 4 is a blpck diagram showing- the constitution of a verification data generation processing unit in the embodiment
  • Fig . 5 is a diagram for explaining partial data -specifying information in the embodiment
  • Fig. 6 is a diagram for explaining combination data in the embodiment
  • Fig . 7 is a flow chart of a verification data generation process in the embodiment
  • Fig . 8 is a block diagram for explaining the configuration of a verification processing unit in the embodiment
  • Fig . 9 is a flow chart of a verification process in the embodiment
  • Fig. 10 is a process for explaining a digital signature generation process in the background art
  • Fig. 11 is a diagram for explaining a verification result in the background art
  • Fig. 12 is a diagram for explaining a verification result in the embodiment.
  • Fig. 13 is a block diagram showing the constitution of a partial data specifying information acquisition unit in the embodiment.
  • Fig . 14 is a diagram for explaining the combination data -in the embodiment.
  • Fig. 15 is a diagram for explaining document data in the embodiment.
  • Figs . 16A and 16B are diagrams for explaining database information in the embodiment; and Fig . 17 is a flow chart showing the signature process in the background art .
  • Fig . 1 an example of the system outline according to the embodiment of the present invention is shown in Fig . 1.
  • the system according to the embodiment consists of an image reproduction client 11, an image delivery server 12 , an image DB (database) 13 and a network 14.
  • the image reproduction client 11 transmits a request for acquiring desired image data to the image delivery server 12 , and then reproduces the image data delivered from the image delivery server 12 through the network 14. Moreover, in the embodiment, the image reproduction client 11 receives, in addition to the image data, verification data corresponding to the relevant image data, and thus verifies whether or not the received image data has been altered.
  • the image delivery server 12 delivers the image data ' stored in the image DB 13, in response to the request for acquiring the image data received from the image reproduction client 11.
  • the image delivery server 12 generates, in addition -to the image data, the verification data by which it is possible on the side of the image reproduction client 11 to verify whether or not the relevant image data has been altered, and then the image delivery server 12 transmits the generated verification data to the image reproduction client 11.
  • the image reproduction client 11 and the image delivery server 12 are mutually connected to each other through the network 14 such as the Internet or the like, whereby various data ' can be exchanged between the image reproduction client 11 and the image delivery server 12.
  • each of the image reproduction client il and the image delivery server 12 may be a multipurpose device such as an ordinary personal computer or the like . In any case, the flow of the process to be executed in the system will be briefly explained hereinafter .
  • a user who browses the images in the system first requests the desired image data to the image delivery server 12 by using the image reproduction client 11. At that time, the user can designate and request partial image data, i . e . , not whole image data ("request of partial data" 1 in Fig . 1 ) .
  • the image delivery server 12 acquires from the image DB 13 the partial image data requested form the image reproduction client 11 ( "acquisition of partial data” 2 in Fig. 1 ) , and generates the -verification data corresponding to the acquired partial image data ("generation of verification data" 3 in Fig . 1) . Subsequently, the image delivery server 12 transmits the acquired partial image data and the generated verification data to the image reproduction client 11 ("transmission of partial data and verification data" 4 in Fig . 1 ) .
  • the image reproduction client 11 ' receives the partial image data and the verification data, verifies based on the verification data whether or not the . received partial image data is correct partial image data, and then displays the verification result ("reproduction and verification of partial data" 5 in Fig. 1 ) .
  • a section 22 to be used for designating "image I ' D" of the desired image data is provided at the top of a window 21.
  • the user designates the image ID by directly inputting it through a not-shown keyboard or the like .
  • a button 23 to be used for acquiring the thumbnail of the image ID designated through the section 22 and displaying the acquired thumbnail is provided at the right of the section 22.
  • the thumbnail of the image data corresponding to the image ID designated through the section 22 is displayed on a thumbnail viewer 24.
  • the user can freely select a desired region 25 in the thumbnail by using the mouse or the like .
  • a button 26 to be used for displaying the detailed information of the designated desired region 25 is provided below the thumbnail viewer 24.
  • the detail of the partial image data designated by the region 25 is displayed on an image viewer 27.
  • the result of the verification process indicating whether or not the partial image data displayed on the image viewer 27 is the correct data is displayed on a section 28. .
  • Fig . 3 shows the basic constitution of the host computer which can function as either the image reproduction client or the image delivery server, and also shows the relation of these devices and their peripheral devices .
  • a host computer 121 is, for example, a personal computer which is in widespread use .
  • the host computer 121 can store the image data in an HD (hard disk) 126, a CD (compact disk) 127, an FD (FloppyTM disk) 128, a DVD (digital versatile disk) 129 and the like, and can also display the image data stored in the HD 126, the CD 127 , the FD 128 , the DVD 129 and the like . Further, the host computer 121 can deliver the image data through the Internet or the like by using an NIC (network interface card) 1210 or the like . On one hand, the various indications and the like from the user are input through a mouse 1213 and a keyboard -1214. In the host computer 121, the later-described functional blocks are mutually connected through a bus 1216 so as to be able to exchange the various data .
  • NIC network interface card
  • numeral 122 denotes a monitor which ⁇ can display various information in the host computer 121.
  • Numeral 123 denotes a CPU (central processing unit) which can control the operation of each unit in the host computer 121 and can also execute the programs loaded in a RAM (random access memory) 125.
  • Numeral 124 denotes a ROM (read only memory) in which the BIOS (Basic Input/Output System) and the boot program have been stored.
  • Numeral 125 denotes the RAM in which the program and the process-target image data are temporarily- stored for the purpose of processes by the CPU 123.
  • the OS operating system
  • the programs for causing the CPU 123 to execute the later-described processes are loaded in the RAM 125.
  • Numeral 126 denotes the HD in which the OS and the programs to be transferred to the RAM or the like are stored.
  • the HD 126 is used to store and ⁇ read the image data while the device is operating .
  • the CD 127 is equivalent to the CD-ROM drive which can read and write various data from and to a CD-ROM (CD-R) being one of external storage media .
  • CD-R CD-ROM
  • the CD 127 is also called the CD-ROM drive 127 hereinafter .
  • the FD 128 which is equivalent to the FD drive 128 can read and write the data from and to the FloppyTM disk.
  • the FD 128 is also called the FD drive 128 hereinafter .
  • the DVD 129 which is equivalent to the DVD-ROM (DVD-RAM) drive 128 can read the data from the DVD-ROM and can write the data to the DVD-RAM.
  • the DVD 129 is also called 'the DVD-ROM drive or the DVD-RAM drive hereinafter .
  • the relevant program is once installed in the HD 126 and then transferred to the RAM 125 according to need.
  • Numeral 1211 denotes an I/F (interface) which connects the host computer 121 to the NIC 1210 for exchanging the image data store in the RAM 125, the HD 126, the CD-ROM 127 , the FD 128, the DVD 129 or the like with the network such as the Internet or the like .
  • the host computer 121 can transmit and receive the data to and from the Internet through the I/F 1211.
  • Numeral 1215 denotes an I/F which connects the mouse 1213 and the keyboard 1214 to the host computer ⁇ 121.
  • the various indications and data input from the mouse 1213 and the keyboard 1214 are transferred to the CPU 123 through the I/F 1215. Verification Data Generation Process>
  • Fig . 4 shows the verification data generation processing function and the verification data generation method according to the embodiment .
  • numeral 31 denotes an image discrimination information acquisition unit
  • numeral 32 denotes a partial data specifying information acquisition unit
  • numeral 33 denotes a partial data acquisition unit
  • numeral 34 denotes a combining processing unit
  • numeral 35 denotes a key acquisition unit
  • numeral 36 denotes a verification data generation processing unit .
  • the verification data generation processing function shown in Fig . 4 is one function included in the image delivery server 12 shown in Fig . 1.
  • the image discrimination information acquisition unit 31 and the partial data specifying information acquisition unit 32 will be -first explained. That is, the image discrimination information acquisition unit 31 acquires and outputs ' image discrimination information ID requested from the image reproduction client 11, and also the partial data specifying information acquisition unit 32 acquires and outputs partial data specifying information Z requested from the image reproduction client 11.
  • the image discrimination information ID- is the information for specifying the image data
  • the- partial data specifying information Z is the information for specifying the partial data in the relevant image data .
  • the file name of the image data is used as the image discrimination information ID by way of example .
  • the ' present invention is not limited to this .
  • the URL Uniform Resource Locater
  • URI Uniform Resource Identifier
  • the partial rectangular region such as the region 25 of Fig . 2 included in the image data is used as the partial data .
  • the upper left coordinate information (xl , yl ) and the lower right coordinate information (x2 , y2 ) of the rectangular region can be used as the partial data specifying information Z .
  • the present invention is not limited to the above . That is , it is apparent that, in addition to the rectangular region, various partial data specifying information- capable of specifying the region is applicable . More specifically, if an arbitrary-shaped region is designated as the partial data, the binary image data in which the pixel corresponding to the location designated ' as the partial data is set to "0" and the pixel corresponding to the location not designated as the partial data is set to "1" can be used as the partial data specifying information Z . For example, as shown in Fig . 5, the binary image in which the outside of a heart ⁇ 171 ) is set to "0" and the inside of the heart ( 172 ) is set to ⁇ l" is applicable as the partial data specifying information Z .
  • a tile index which discriminates the tiles can be used as the partial data specifying -information Z .
  • the partial data acquisition unit 33 acquires from the image DB 31 partial data M corresponding to the image discrimination information ID acquired by the image discrimination information acquisition unit 31 and the partial data specifying information Z acquired by the partial data specifying information acquisition unit 32, and then outputs the acquired partial data M.
  • the data of the partial rectangular region in the image data is output as the partial data M.
  • the combining processing unit 34 will be explained hereinafter . That is, the image discrimination information ID output from the image discrimination information acquisition unit 31, the partial data specifying information Z output from the partial data specifying information acquisition unit 32 and the partial data M output from the partial data acquisition unit 33 are input to the combining processing unit 34 , the input data are combined in the combining processing unit 34 , and combination -data D is then output .
  • the combination data D in the embodiment will be. explained with reference to Fig . 6.
  • the image discrimination information ID, the partial data specifying information Z and the partial data M are combined in predetermined order to generate the combination data D .
  • the order for combining the data is not limited to that shown in Fig . 6.
  • the key acquisition unit 35 acquires and outputs key information Ks necessary for the verification data generation process to be performed by the verification data generation processing unit 36.
  • the verification data generation processing unit 36 will be explained hereinafter . That is , the combination data D output from the combining processing unit 34 and the key information Ks output from the key acquisition unit 35 are input to the verification data generation processing unit 36, verification data S corresponding to the combination data D is thus generated by using the key information Ks in the verification data generation processing unit 36, and the generated verification data S is output .
  • the verification data generation process is not specifically mentioned. That is, various verification data generation processes such as the digital signature generation algorithms such as the RSA (Rivest Shamir Adleman) algorithm, the DSA (digital signature algorithm) and the like, and the MAC (message authentication) generation algorithm such as the HMAC (hash-based . MAC) generation algorithm, the CMAC (cipher-based MAC) generation algorithm and the like are applicable .
  • the digital signature generation algorithm is used as the verification data generation process
  • the key information Ks acquired by the key .acquisition unit 35 is used as the private key of the image delivery server 12.
  • the key information Ks is the shared key which is securely shared by the image reproduction client 11 and the- image delivery server 12.
  • the verification data generation process can be applied to the output value of the hash function by applying the hash function such as MD (Message -Digest) 5, SHA (Secure Hash Algorithm) 1 or the like to the combination data D.
  • MD Message -Digest
  • SHA Secure Hash Algorithm
  • Fig . 7 is the flow chart for explaining the verification data generation process applicable to the embodiment .
  • the. image discrimination information ID and the partial data specifying information Z are acquired respectively by the image discrimination information acquisition unit 31 and the partial data specifying information acquisition unit 32 both shown in Fig . 4.
  • the partial data M corresponding to the image discrimination information ID and the partial data specifying information Z is acquired by the partial data acquisition unit 33 shown in Fig . 4.
  • a step S53 the image discrimination information ID, the partial data specifying information Z and the partial data M are combined by the combining processing unit 34 shown in Fig . 4 to generate the combination data D .
  • the key information Ks for generating the verification data -is acquired in a step S54 the verification data S for the combination data D is then generated by using the key information Ks in a step S55, and the ' verification data generation process ends .
  • numeral 61 denotes a verification data acquisition unit
  • numeral 62 denotes a key acquisition unit
  • numeral 63 denotes a verification data decrypting unit
  • numeral 64 denotes an image discrimination information acquisition unit
  • numeral 65 denotes a partial data specifying information acquisition unit
  • numeral 66 denotes a partial data acquisition unit
  • numeral 67 denotes a combining processing unit
  • numeral 68 denotes a comparison unit .
  • the verification processing function shown in Fig . 8 is one function included in the image reproduction client 11 shown in Fig. 1 " .
  • the verification data acquisition unit 61 will be first explained. That is, the verification data acquisition unit 61 acquires and outputs the verification data S transmitted from the image delivery server 12. Incidentally, it is easily understandable that the verification data S acquired -here is the data output from the verification data generation processing unit 35 shown in Fig . 4.
  • the key acquisition unit 62 will be explained. That is, the key acquisition unit 62 acquires and outputs key information Kp necessary for the verification data .decrypting process to be executed in the verification data decrypting unit 63.
  • the key information Kp acquired by the key acquisition unit 62 is the information substantially corresponding to the key information Ks acquired by ' the key acquisition unit 35 shown in Fig . 4.
  • the private key of the image delivery server 12 is acquired as the key information Ks by the key acquisition unit 35
  • the public key of the image delivery server 12 which makes a pair with the key information Ks is acquired as the key information Kp by the key acquisition unit 62.
  • the shared key is acquired as the key information Ks by the key acquisition unit 35
  • the value equivalent to the key information Ks is acquired as the key information Kp by the key acquisition unit 62
  • the verification data decrypting unit 63 will be explained. That is, the verification data S acquired by the verification data acquisition unit 61 and the key information Kp acquired by the key acquisition unit 62 are input to the verification -data decrypting unit 63, the input verification data S is decrypted by using the key information Kp, and a decrypted value D is output from the verification data decrypting unit 63.
  • the image discrimination information acquisition unit 64 acquires and outputs the image data corresponding to the partial data acquired by the partial data acquisition unit 66, and the partial data specifying information acquisition unit 65 acquires and outputs the information for specifying the partial data .
  • the image discrimination information acquisition unit 64 acquires and outputs the image data corresponding to the partial data acquired by the partial data acquisition unit 66
  • the partial data specifying information acquisition unit 65 acquires and outputs the information for specifying the partial data .
  • the image discrimination information ID is the -information substantially equivalent to the image discrimination information ID acquired by the image discrimination information acquisition unit 31 shown in Fig . 4 and the partial data specifying information Z is the information substantially equivalent to the partial data specifying information Z acquired by the partial data specifying information acquisition unit 32 shown in Fig . 4.
  • the image discrimination information and the partial data specifying information respectively designated by the section 22 and the region 25 both shown in Fig . 2 are previously stored in the RAM 125 (Fig . 3 ) , and then the image discrimination information ID and the partial data specifying information Z stored in the RAM 125 are acquired at the stage of the verification process .
  • the present invention is not limited to the above . That is, the combination data D. ( Fig . 6) can be delivered from the . image delivery server 12 to the image reproduction client 11 , and the image discrimination information ID and the partial data specifying information Z in the received combination data D can be acquired respectively by the image discrimination information acquisition unit 64. and the partial data specifying information acquisition unit 65. In that case, in a -case where the image discrimination information ID and the partial data specifying information Z respectively designated at the time of requesting the partial data are respectively compared with the acquired image discrimination information ID and the acquired partial data specifying information Z, if . coincidence is not acquired, then it is possible to judge that received partial- data M' is not correct and thus to stop the process .
  • the partial data acquisition unit 66 acquires and outputs the partial data M' delivered from the image delivery server 12. Incidentally, it is easily understandable that the partial data M f acquired here is the data output from the partial data acquisition unit 33 shown in Fig . 4.
  • the combining processing unit 67 will be explained. That is, the image discrimination information ID acquired by the image discrimination information acquisition unit 61 , the partial data specifying information Z acquired by the partial data specifying information acquisition unit 65 and the partial data M' acquired by the partial data acquisition unit 66 are input to the combining processing unit 67 , the input data are combined in the combining processing unit 67 , and combination data D' is then output .
  • the combination data D f is generated by combining the image discrimination information ID, the partial data specifying information Z and " the partial data M' respectively acquired by the image discrimination information acquisition unit 64 , the partial data specifying information acquisition unit 65 and the partial data acquisition unit 66, substantially in the same manner as that executed by the combining processing unit 34 shown in Fig . 4.
  • the hash function is applied to the verification data generation processing unit 36 (Fig. 4) , after the combination data D' is generated by the combining processing unit 67 , the hash function same as the hash function applied in the verification data generation processing unit 36 is applied to the generated combination data D' to output the hash .value .
  • the hash function same as the hash function applied in the verification data generation processing unit 36 is applied to the generated combination data D' to output the hash .value .
  • the MAC data of the combination data D (or the hash value thereof) is generated by using the. key information Kp acguired by • the key acquisition unit 63, and the generated MAC data is output .
  • the comparison unit 68 compares the combination data D output from the verification data decrypting unit 63 with the combination data D/ output from the combining processing unit 67 ,' and then outputs the verification result .
  • the partial data M' is the correct data (success in verification) if the value of the combination data D and the value of the combination data D' conform to each other. Meanwhile, if the value of the combination data D and the value of the combination data D' are different from each other, it is judged that the partial data M' is not the correct data (failure in verification) if the value of the combination data D and the value of the combination data D' conform to each other, it is judged that the partial data M' is the correct data (success in verification) if the value of the combination data D and the value of the combination data D' are different from each other, it is judged that the partial data M' is not the correct data (failure in verification) if the value of the combination data D and the value of the combination data D' conform to each other, it is judged that the partial data M' is the correct data (success in verification) if the value of the combination data D and the value of the combination data D' are different from each other, it
  • Fig . 9 is the flow chart for explaining the verification data generation process applicable to the embodiment .
  • a step S71 the verification data S and the key information Kp are acquired respectively by the verification data acquisition unit 61 and the key acquisition unit 62 both shown in Fig. 8.-
  • the verification data S - is decrypted by using the key information Kp to calculate the combination data D by the verification data decrypting unit 63 shown in Fig . 8.
  • the image discrimination information ID, the partial data specifying information Z and the partial data M f ' are acquired respectively by the image discrimination information acquisition unit 64 / the partial data specifying information acquisition unit 65 and the partial data acquisition unit 66 all shown in Fig . 8.
  • a step S74 the image discrimination information ID, the partial data ⁇ specifying information Z and the partial data M' are combined to generate the combination data D' by the combining processing unit 67 shown in Fig. 8.
  • a step S75 it is judged whether or not the combination data D conforms to the combination data D' . If it is judged that the combination data D conforms to the combination data D' , the message "partial data M' is correct data (success in verification) " is displayed in a step S76. Meanwhile, if it is judged that the combination data D does not conform to the combination data D' , the message "partial data M f is not correct data ( failure in verification) " is displayed in a step S77.
  • numeral 161 denotes image data stored in the server
  • numeral 162 denotes a region requested by the client
  • numeral 163 denotes region data acquired by cutting out the region 162
  • numeral 164 denotes a digital -signature for the region data 163.
  • the server cuts out the region 162 from the image data 161 to generate the region data 163, and also generates the digital signature 164 for the region data 163. Then, the generated region data 163 and the digital signature 164 thereof are delivered to the client .
  • the client can verify, by using the digital signature 164, whether or not the received region data - 163 has been altered in . the track of 'the network,
  • numeral 141 denotes image data I ' OOOl requested by the client
  • numeral 142 denotes a partial region in the image data 10001 requested by the client
  • numeral 143 denotes image data 10002 different from the image data 10001
  • numeral 144 denotes a region at the location, in the image data 10002 , same as that of the partial region 142 in the image data 10002
  • numeral 149 denotes a region at the location . different from that of the partial region 142 in the image data 10001.
  • the image data 10001 and the image data 10002 are stored on the server .
  • a table 1410 if the region 142 and the digital signature corresponding- to the region 142 are received (data 145 ) , it is possible to judge that the data is not altered (success in verification) . Meanwhile, if the region 142 which is the altered data and the digital signature corresponding to the region 142 are received (data 146) , it is possible to judge that the data has been altered ( failure in verification) .
  • the region 149 and the digital signature corresponding to the region 149 are received although the region 142 was requested (data 147 ) , it is judged that the data is not altered (success in verification) . This is because, in the verification process , the received region 149 and the digital signature for the region 149 are not at all altered. That is, in that case, it is impossible to detect that the region 149 is received instead of the region 142.
  • the region 144 and the digital signature corresponding to the region 144 are received although the region 142 in the image data 141 was requested (data 148 ) , it is judged that the data is not altered (success in verification) . This is because, in the verification process, the received region 144 and the digital signature for the region 144 are not at all altered. That is, in that case, -it is impossible to detect that the region 144 is received instead of the region 142.
  • numeral 81 denotes whole image data (image discrimination information is 10001 ) designated by using the section 22 ( Fig . 2 ) in the image reproduction client 11 (Fig . 1 )
  • numeral 82 denotes partial data designated by using the region 25 (Fig . 2 ) .
  • numeral 89 denotes partial data, in the image data 10001, indicating the region different from the region 22 designated by jbhe section 22. That is, the partial ⁇ data 89 has image discrimination information ID same as that of the partial data 82 but has partial data specifying information Z' different from that of the partial data 82.
  • numeral 84 denotes partial data, in image data 83 ( image discrimination information is 10002 ) different from the image data 10001 , indicating the region same as the region 82 designated by the section 22 (that is, the upper left coordinates and the lower right coordinates are the same as - those of the region 82 ) . That is, the partial data 84 has image discrimination information -ID' different from that of the partial data 82 but ⁇ has the partial data specifying information Z same as that of the partial data 82.
  • a table 810 shows the actually received partial data and the respective verification results in the case where the image reproduction client 11 requests the partial data (partial data specifying information is Z ) in the image data 81 (image discrimination information ID is 10001 ) .
  • the image discrimination information ID and the partial data specifying information Z are respectively equivalent to the image discrimination -information ID and the partial data specifying information Z in the verification data D ( Fig . 6) .
  • the partial data M' is different from the ⁇ partial data M in the verification data D (Fig . 6) , whereby D does not resultingly conform to D' . In consequence, it judged that the received partial data M' is not correct (failure in verification) .
  • the image discrimination information ID and the partial data M f are respectively " • equivalent to the image discrimination information ID and the partial data M in the verification data D .
  • the partial data specifying information Z is different from the partial data specifying information Z in the verification data D . This is because, in that case, the partial data specifying information in the verification data D is not the information for specifying the region 82 but is the information for specifying the region 89. Thus , D does not resultingly conform to D' . In consequence, it is judged that the received partial data M' is not correct ( failure in verification) .
  • the partial data specifying information Z and the partial data M' are respectively equivalent to the partial data ' specifying information Z and the partial data M in the verification data D.
  • the image discrimination information ID is different from the image discrimination information ID in the verification data . This is because, in that case, the image discrimination information ID in the verification data D is not the image data 10001 but is the image data 10002. Thus , D does not ' resultingly conform to D' . - In consequence, it is judged that the received partial data M' is not correct (failure in verification) .
  • the partial data such as the data 86 can be received if the partial data M' is altered in the track of the network by a malignant -attacker .
  • the partial data such as the data 87 and the data 88 can be received if the partial data M' is falsely monitored by the malignant attacker and then the monitored partial data M f is sent to the image reproduction client 11 ( so called resend attack) .
  • the example of the on-line that the server and the client are respectively disposed on the network is described for purposes of explanation .
  • the present invention is not limited to this . That is, it is apparent that the present invention is applicable to .a case of off-line that any server and client are not used . In case of the off-line, in order to be able to achieve the verification by using the verification method shown in Fig .
  • the partial data specifying information Z acquired by the partial data specifying information acquisition unit 32 (Fig . 4) and the partial data specifying information Z acquired by the partial data specifying information acquisition unit 65 (Fig . 8 ) are the information for specifying the spatial partial region in the image data .
  • the present invention is not limited to this . That is , it is apparent that various information data for specifying resolution, image quality, components and the like are applicable to the present invention if they are the information for specifying the partial data in the image data .
  • the data acquired by properly combined at least two or more of the information data from among the above information data is also applicable to the present invention .
  • Fig. 13 is the block diagram for explaining the • partial data specifying information acquisition unit -32 (Fig. 4 ) , and the partial data specifying information acquisition unit applied instead of the partial data specifying information acquisition unit 65 ( Fig . 8 ) .
  • a partial data specifying information acquisition unit 91 consists of a region specifying information acquisition unit 92 , a resolution specifying information acquisition unit 93, an image quality specifying information acquisition unit 94, a component specifying information acquisition unit 95 and a combining processing unit 96.
  • the region specifying information acquisition unit 92 acquires the information for designating the spatial region in the image
  • the resolution specifying information acquisition unit 93 acquires the information for designating the resolution of the image .
  • the resolution specifying information acquisition unit 93 acquires the identifier of a predetermined resolution level .
  • the image quality specifying information acquisition unit 94 acquires the information for designating the image quality of the image .
  • the image quality specifying information acquisition unit 94 acquires a predetermined layer .
  • the component specifying information acquisition unit 95 acquires the information for designating the component in the image .
  • the component specifying information acquisition unit 95 acquires a luminance component and a predetermined color component .
  • the combining processing unit 96 combines region specifying information P, resolution specifying information R, image quality specifying information L and component specifying information C which are respectively acquired by the region specifying information acquisition unit 92 , the resolution specifying information acquisition unit 93, the image quality specifying information acquisition unit 94 and the component specifying information acquisition unit 95. Then, the combining processing unit 96 outputs the combination data as specifying information Z .
  • the partial data specifying information Z acquired from the partial data 1 specifying information acquisition unit 91 is input to the combining processing unit 34 ( Fig . 4 ) or the combining processing unit 67 ( Fig. 8 ) , and further combined with the image discrimination information ID and the partial data M (or M' ) , whereby the combination data D (or D' ) is generated. As a result, the combination data D (or D' ) as shown in Fig. 14 is acquired.
  • the partial data specifying information can be represented by combining at least two or more information data .
  • the example capable of representing the partial data specifying information by appropriately combining at least two or more information data is not limited to this .
  • the image data and the partial data thereof are explained as the target to be processed .
  • the present invention is not limited to this . That is, it is apparent that the present invention is applicable to various data consisting of the plural partial data .
  • the document data in the embodiment consists of a "company information” component .
  • the "company information” component consists of one "company name” component and plural “company member information” components .
  • each "company member information” component consists of one "company member number” component, one "name” component, one "sexuality (gender) " component and one "in charge of” component .
  • the document name that is , the content of the
  • document data discrimination information ID instead of 1 image data discrimination information .
  • the content of the "company member number” component is used as the partial data specifying information Z, and the content of the "company member information” component is used as the partial data M.
  • the embodiment it is possible to acquire the content of the desired "company member information” component by using the content of the "company member number” component from the document data held -on the server, and - it is then possible to verify whether or not the content of the acquired "company member information” component is correct information .
  • the database information in the embodiment is the aggregation of the company member information (record) consisting of "company member number”, "name”, “sexuality” and "in charge of” .
  • the database name for discriminating each database information is used as database discrimination information ID instead of the image data discrimination information .
  • each "company member number” is used as the partial data specifying information Z
  • each "company member information” is used as the partial data M.
  • the desired company member information i . e . , partial data M
  • the database information i . e . , company discrimination information ID
  • the company member number i . e . , partial data specifying information Z
  • the partial data specifying information Z is included in the partial data M.
  • the present invention is not limited to this . That is, it is possible to set the partial data M not to include the partial data specifying information Z . In this case, it only has to set the data acquired by eliminating the partial data specifying information Z from the desired partial data as the partial data M.
  • the database information discrimination information ID can be set to be "company member number is 000002 and name" as the partial data specifying information Z by using the URL, and the partial data M of the partial data specifying information Z can be set to be "DDD" .
  • the rule -concerning how the database discrimination information ID and the partial data specifying information Z should be set is shared in secret by both the data generation .side and the data verification side, it becomes further difficult to alter the data .
  • the device for encrypting (encoding) and decrypting (decoding) the image data is the multipurpose information processing device such as an ordinary personal computer or the like, and the present invention can be achieved by the computer program running on the ordinary personal computer .
  • the category of the present invention includes the relevant computer program.
  • the computer program has been ordinarily stored in a computer-readable storage medium such as a CD-ROM or the like, and the present invention can be achieved by copying or installing the relevant program on the storage medium to the system of the ordinary personal computer .
  • the category of the present invention naturally includes the relevant computer-readable storage medium.
  • the embodiment it is possible-- to verify whether or not the region data included in the image data has been altered. In addition, it is possible to verify that the region data is the region data included in the original - image data different from the authentic original image data, and/or to verify that the region data is the different region data included in the authentic original data .

Abstract

L'invention porte sur un module d'acquisition qui permet d'acquérir des données partielles incluses dans des données numériques, sur un module d'acquisition qui permet d'acquérir des informations de spécifications des données partielles, sur un combineur qui combine les données partielles et les informations de spécification et sur un générateur de données de vérification qui génère des données de vérification. Il est ainsi possible de vérifier si des données de région dans des données d'images ont été ou non modifiées. De plus, il est possible de vérifier que les données de région sont les données de région dans des données d'images différentes des données d'images d'origine et/ou il est aussi possible de vérifier que les données de région sont des données de région différentes incluses dans les données d'images d'origine.
PCT/JP2006/301603 2005-02-09 2006-01-25 Procede et dispositif de traitement d'informations, programme informatique et support de stockage lisible par ordinateur WO2006085453A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US11/720,958 US8050447B2 (en) 2005-02-09 2006-01-25 Information processing method and device, computer program, and computer-readable storage medium
EP06712746.4A EP1851950B1 (fr) 2005-02-09 2006-01-25 Procede et dispositif de traitement d'informations, programme informatique et support de stockage lisible par ordinateur

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2005-033016 2005-02-09
JP2005033016A JP4310285B2 (ja) 2005-02-09 2005-02-09 情報処理方法及び装置、並びにコンピュータプログラム及びコンピュータ可読記憶媒体

Publications (1)

Publication Number Publication Date
WO2006085453A1 true WO2006085453A1 (fr) 2006-08-17

Family

ID=36793029

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/301603 WO2006085453A1 (fr) 2005-02-09 2006-01-25 Procede et dispositif de traitement d'informations, programme informatique et support de stockage lisible par ordinateur

Country Status (6)

Country Link
US (1) US8050447B2 (fr)
EP (1) EP1851950B1 (fr)
JP (1) JP4310285B2 (fr)
KR (1) KR100921512B1 (fr)
CN (1) CN100574359C (fr)
WO (1) WO2006085453A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2503518A1 (fr) * 2011-03-22 2012-09-26 Kapsch TrafficCom AG Procédé de validation d'une transaction de péage

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8577166B1 (en) * 2006-03-31 2013-11-05 Google Inc. Optimizing web site images using a focal point
CN101364869B (zh) * 2007-08-09 2012-03-28 鸿富锦精密工业(深圳)有限公司 电子文档加密系统及方法
KR101038108B1 (ko) * 2009-05-22 2011-06-08 주식회사 파일태그 위변조 검증용 이미지파일 생성방법 및 이미지파일의 위변조 검증방법
JP5921120B2 (ja) 2011-09-07 2016-05-24 キヤノン株式会社 情報処理装置、情報処理方法
CN102724552B (zh) * 2012-05-30 2014-12-17 华为技术有限公司 一种图像编码方法、图像解码方法及装置
US9645923B1 (en) 2013-09-10 2017-05-09 Google Inc. Generational garbage collector on multiple heaps
CN108369795B (zh) * 2015-12-15 2021-03-30 精工爱普生株式会社 电路装置、电光装置、电子设备、移动体及错误检测方法
WO2023163258A1 (fr) 2022-02-28 2023-08-31 재단법인 오송첨단의료산업진흥재단 Système de mesure de posture/d'équilibre à l'aide d'un dispositif de sécurité de sujet et méthoe de mesure de posture/d'équilibre à l'aide de celui-ci

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000194832A (ja) * 1998-12-25 2000-07-14 Canon Inc デ―タ制御装置、デ―タ処理システム、デ―タ制御方法、及び記憶媒体
JP2000341632A (ja) * 1999-05-26 2000-12-08 Matsushita Electric Ind Co Ltd 画像記録再生装置と画像再生装置と不正利用防止方法
JP2003152979A (ja) * 2001-11-09 2003-05-23 Toppan Printing Co Ltd 文書印刷装置および文書印刷方法
US20040236951A1 (en) 1998-04-30 2004-11-25 Jian Zhao Digital authentication with digital and analog documents

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3154325B2 (ja) * 1996-11-28 2001-04-09 日本アイ・ビー・エム株式会社 認証情報を画像に隠し込むシステム及び画像認証システム
US5898779A (en) * 1997-04-14 1999-04-27 Eastman Kodak Company Photograhic system with selected area image authentication
JP4026933B2 (ja) 1998-06-24 2007-12-26 キヤノン株式会社 情報処理装置及び方法並びに記録媒体
US6993148B1 (en) 1999-07-16 2006-01-31 Canon Kabushiki Kaisha Image processing apparatus and method, and storage medium
US6826290B1 (en) 1999-10-20 2004-11-30 Canon Kabushiki Kaisha Image processing apparatus and method and storage medium
JP2001148776A (ja) 1999-11-18 2001-05-29 Canon Inc 画像処理装置及び方法及び記憶媒体
US7006257B1 (en) 1999-11-19 2006-02-28 Canon Kabushiki Kaisha Image processing apparatus, image processing method, and storage medium
US7142689B2 (en) 2000-01-31 2006-11-28 Canon Kabushiki Kaisha Image processing apparatus for determining specific images
US7197694B2 (en) * 2000-03-21 2007-03-27 Oki Electric Industry Co., Ltd. Image display system, image registration terminal device and image reading terminal device used in the image display system
US6741758B2 (en) 2000-04-07 2004-05-25 Canon Kabushiki Kaisha Image processor and image processing method
EP1231767B1 (fr) 2001-02-09 2011-04-13 Canon Kabushiki Kaisha Dispositif de traitement d'information et son procédé de commande, programme informatique, et support d'enregistrement
KR20030012487A (ko) 2001-08-01 2003-02-12 주식회사 마크애니 워터마킹 및 해쉬함수 기술을 이용한 동영상 송수신 장치및 방법
JP3977216B2 (ja) 2001-09-27 2007-09-19 キヤノン株式会社 情報処理装置及び方法及び情報処理プログラム及び記憶媒体
JP3937841B2 (ja) 2002-01-10 2007-06-27 キヤノン株式会社 情報処理装置及びその制御方法
US20030210803A1 (en) 2002-03-29 2003-11-13 Canon Kabushiki Kaisha Image processing apparatus and method
JP4143441B2 (ja) 2002-04-24 2008-09-03 キヤノン株式会社 情報処理方法及び装置、並びにコンピュータプログラム及びコンピュータ可読記憶媒体
JP4136731B2 (ja) 2002-04-24 2008-08-20 キヤノン株式会社 情報処理方法及び装置、並びにコンピュータプログラム及びコンピュータ可読記憶媒体
JP2004040246A (ja) 2002-06-28 2004-02-05 Canon Inc 情報処理装置、情報処理方法
JP4181802B2 (ja) 2002-06-28 2008-11-19 キヤノン株式会社 情報処理装置、情報処理方法、プログラム、記憶媒体
JP2004140668A (ja) 2002-10-18 2004-05-13 Canon Inc 情報処理方法
JP2004140667A (ja) 2002-10-18 2004-05-13 Canon Inc 情報処理方法
JP4612787B2 (ja) 2003-03-07 2011-01-12 キヤノン株式会社 画像データの暗号化装置の制御方法及び画像データ変換装置の制御方法、及び、それらの装置、並びにコンピュータプログラム及びコンピュータ可読記憶媒体
WO2005018136A1 (fr) 2003-07-11 2005-02-24 Canon Kabushiki Kaisha Procede, dispositif et programme de traitement d'informations de cle
US7454797B2 (en) * 2004-10-13 2008-11-18 Microsoft Corporation Secure image authentication with discrete level tamper localization
JP5043421B2 (ja) 2005-12-28 2012-10-10 キヤノン株式会社 情報処理装置およびその方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040236951A1 (en) 1998-04-30 2004-11-25 Jian Zhao Digital authentication with digital and analog documents
JP2000194832A (ja) * 1998-12-25 2000-07-14 Canon Inc デ―タ制御装置、デ―タ処理システム、デ―タ制御方法、及び記憶媒体
JP2000341632A (ja) * 1999-05-26 2000-12-08 Matsushita Electric Ind Co Ltd 画像記録再生装置と画像再生装置と不正利用防止方法
JP2003152979A (ja) * 2001-11-09 2003-05-23 Toppan Printing Co Ltd 文書印刷装置および文書印刷方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1851950A4

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2503518A1 (fr) * 2011-03-22 2012-09-26 Kapsch TrafficCom AG Procédé de validation d'une transaction de péage
US8850198B2 (en) 2011-03-22 2014-09-30 Kapsch Trafficcom Ag Method for validating a road traffic control transaction

Also Published As

Publication number Publication date
JP4310285B2 (ja) 2009-08-05
EP1851950A1 (fr) 2007-11-07
EP1851950A4 (fr) 2010-11-10
US8050447B2 (en) 2011-11-01
EP1851950B1 (fr) 2015-04-08
KR100921512B1 (ko) 2009-10-12
KR20070102747A (ko) 2007-10-19
JP2006222628A (ja) 2006-08-24
CN100574359C (zh) 2009-12-23
US20080175431A1 (en) 2008-07-24
CN101116323A (zh) 2008-01-30

Similar Documents

Publication Publication Date Title
EP1851950B1 (fr) Procede et dispositif de traitement d'informations, programme informatique et support de stockage lisible par ordinateur
US6601172B1 (en) Transmitting revisions with digital signatures
US7970139B2 (en) Decrypting overlapping selected and encrypted image areas
US7552335B2 (en) Information processing apparatus, method therefor, computer program, and computer-readable storage medium
US8738917B2 (en) Image data verification
US7958361B2 (en) Information processing apparatus and method
JP4843287B2 (ja) 情報管理システム、情報処理装置及び情報管理方法
WO2012101910A1 (fr) Appareil et procédé de traitement d'informations, et programme
US10356063B2 (en) Image processing method and client device, image authentication method and server device
KR20130056342A (ko) 네트워크 환경에서의 안전하고 효율적인 컨텐츠 스크리닝
CN101118586A (zh) 信息处理设备和方法以及数据处理设备和方法
JP2007142930A (ja) 画像処理装置、ジョブログ生成方法、およびプログラム
JP2007334658A (ja) 署名検証装置、署名付与装置、及び、それらの制御方法、プログラム、記憶媒体
JP2007060352A (ja) 文書管理システム、文書管理プログラム及び文書管理方法
JP6940812B2 (ja) 情報処理装置、および、コンピュータプログラム
CN100347659C (zh) 打印装置、打印系统及签名验证方法
JP4748762B2 (ja) 署名生成方法及び情報処理装置
JP2003169050A (ja) 鍵管理装置、鍵管理方法、これを用いた記憶媒体およびプログラム
JP7180038B1 (ja) アートワーク管理方法、コンピュータ、及びプログラム
WO2023080075A1 (fr) Procédé d'émission de nft, ordinateur et programme
JP2003233586A (ja) 制御サーバ、サービス機能へのアクセス制御をコンピュータに実行させるためのプログラム、サービス機能の取得をコンピュータに実行させるためのプログラム、およびプログラムを記録したコンピュータ読取り可能な記録媒体
JP2009218710A (ja) 撮像装置、情報処理装置、撮像方法、及び情報処理方法
JP2008017167A (ja) データ処理システム、データ処理装置、指示書実行方法およびプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 11720958

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2006712746

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 200680004482.1

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 1020077020652

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2006712746

Country of ref document: EP